
Thread: I've come to a conclusion on M$ security

  1. #21
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Originally posted here by SDK
    I agree that Linux in general has fewer security holes, but that's because they have fewer people probing their code for vulnerabilities than Microsoft.

    What about Firefox? Every week, they keep adding new patches! I was about to switch to Firefox when I noticed it was more plagued by security bugs than IE is now!
    I'd say the following to your points, SDK (in good conversation form, no flames here):

    1: linux is open source and has a much greater development staff than any closed-source development. You don't have to wait forever for developers to fix problems that the users find or report. Open source rules this way, in the same manner that it's more vulnerable to exploits since you CAN see the source code (see Firefox/Thunderbird/Mozilla).

    2: Firefox has a bounty system that allows people to report and submit unpublished current-version-only critical flaws/exploits/bugs and will pay out up to $500.00. They patch regularly and their patches are not "reaction" patches of patches previously released that are to fix some immediate major hole in some random code (like IE has had). Patches aren't bad; it's the method of their delivery, the integrity they provide, and whether or not they ensure that they don't break other things in the process. I would never, IMHO, say that Firefox has more bugs than IE.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  2. #22
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    This thread is a waste of space...started by a troll looking for attention.

    Linux and windows both have their problems. They are as secure as the person running it makes his box.

    As far as open vs closed source, most of the monkeys looking at your source aren't qualified to offer an informed opinion. There are other threads on this site where the subject is handled in far more detail. There is one in the programming security forum where it's beaten to death...I'd suggest going there.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  3. #23
    Senior Member
    Join Date
    Jun 2004
    Posts
    281
    We have debated this topic long and hard on which is the best OS and lots of people have always commented. What it comes down to is one thing.

    THE ADMINISTRATOR!!

    I know people who can make a ME box secure but people who run redhat and leave it wide-open to attack. This goes both ways mind you. But regardless I think it is the Administrator's or User's (if not controlled by an Admin) fault leaving a box open.

    A weak general makes for a weak army.

    - MilitantEidolon
    Yeah that's right........I said It!

    Ultimately everyone will have their own opinion--this is mine.

  4. #24
    Senior Member
    Join Date
    Oct 2001
    Posts
    748
    NT is cool but one thing about it is that Microsoft used to have a thing on their web page saying that NT should be rebooted at least once a month to deal with memory leaks. This is all fine for a home user, but not for a server.
    I've been supporting an exchange platform for a fortune 50 company that at one time had over 100k employees using our service. I've not seen the need to regularly reboot Windows NT since NT4.0 with no service pack. That was what, about 8 years ago.. You can't try to compare NT when it was about 6 years old to an OS such as Unix which was developed back in the 60's.

    Memory leaks in server applications are actually something that is still pretty common. The 3.6 RIM Blackberry Corporate server has a pretty bad memory leak in it right now that requires the application to be restarted once a month. So MS is not the only company that has had that type of problem.

    Every Windows security flaw found, first has to have the patch downloaded one at a time, then a reboot is needed for all security updates. This is really bad, I hate rebooting. I think they should find a way to avoid this. Some people will tell you that "Well you can just restart the services on the box and not need a reboot".... Yea, and your point? Doing that makes the thing unstable as hell, and you'll end up rebooting anyway.
    Yes, this is something that could be fixed that would really be great, but it was not always the case with unix. The number of reboots needed for the OS to update has dropped dramatically in the past 7 years. Add to that the fact that you can now use qchain and install all of your patches at once, and then reboot once, if needed. If you take the time to do your testing and engineering in advance you can drop your needed reboots by about another 50% and not risk availability. I would never use windows update to update a server, but if you do, all of the patches are downloaded at the same time, and install all together at the same time. I also don't agree with whoever has told you that you can just restart services, because in most cases the reboot is needed to get the proper DLL loaded into the DLL cache protection.

    In the past year the platform I work on has been highly available. I think we are at 290 dpms right now, and about 90 of those are because of an issue with HP high availability servers crapping out on a PCI device failure, high availability my ass. I see absolutely no problem with using Win2k as a server application. The clustering functionality in Win2k blows away anything in linux. I have experience with NCR lifekeeper, not sure who markets it now, and that product sucks in comparison to Win2k clustering. When you can run such a reliable clustering service the needed reboots don't impact high availability systems as much.

  5. #25

    Cool hey jp

    Windows XP Service Pack 2, which was made available for FREE to all Windows XP customers, cost Microsoft over ONE BILLION US DOLLARS to develop. How many companies do you know spend $1 billion to develop something that they plan on giving away for free? I would say this shows a commitment on the part of Microsoft......
    hey i may be wrong, but ms is not doing us any favour by giving us the SP packs,

    1. ms is now under serious competition from linux (all flavors)
    2. though linux is open source viruses, you can count them on your finger tips, the viruses for windows are countless and you need a separate antivirus for it, and that is not free, yes you may also need a virus for linux, but most of them are free!!
    3. the only thing linux lacks is support, the online support of ms is good, after sales services are good, here is where ms takes over
    4. Ms does not give any thing free (excluding ie and windows media player, that too with security holes), if it had then i would say ms is good and committed, but the truth is that it does not.
    5. if ms stops giving services packs then what would be the difference left btw ms and linux (may be the gui)
    6. almost every other product of ms has a vulnerability.
    7. if ms has spent 1 billion in sp 2, then it might have earned more than 100 billion in sales of xp in europe and america alone


    so say ms is not doing us any renaissance by providing ur free sp 2

  6. #26
    BANNED
    Join Date
    Nov 2003
    Location
    San Diego
    Posts
    724
    1) I don't see any serious competition on the home front seeing as they get their money from any computer that is bought preassembled. And with business I'm sure they have their fair share of the market. And the cost of switching from windows to linux in a business environment is expensive from what I've read here. Since you have to pay to train staff and other details that I'm not too knowledgeable in. But I'm sure someone around here can fill in the blanks on that or you can search the forums. It's been posted on before.
    2)You don't even really need anti-virus software if you don't download stupid crap and if you do want it there are a couple of companies that offer it free.
    http://free.grisoft.com/freeweb.php/doc/2/
    And a few free online scanners:
    http://housecall.trendmicro.com/
    http://www.pandasoftware.com/activescan/
    3) There is so much support for just about any distro of linux that you could think of it's not even funny. And Microsoft does have good support so they may be even on this front.
    4)Linux offers free software for home users but on the business front a lot of distros cost a little money.
    http://www.redhat.com/apps/commerce/
    http://www.suse.com/us/business/prod...s/pricing.html
    http://www.suse.com/us/business/prod...ld/prices.html
    5)Linux offers updates to or service packs... whatever you want to call them.
    6)A lot of nonmicrosoft products have vulnerabilities and you've obviously never done an update on a linux box. Not to mention the two newest vulnerabilities that I've heard of have been in non-microsoft products made for windows.
    7)There is no point to this statement in my eyes. Who cares how much they have made they are trying to make a step toward better securing the OS for the home user as opposed to what they were doing in the past and they are still hearing **** from people who don't know WTF they are talking about.

    Now say something and back it up with evidence don't just sit there and spout off bullshit that has no backing to it.
    When death sleeps it dreams of you...

  7. #27
    you have got me all wrong i was commenting on JP's ( look at the quote ) plz read the post properly
    1. linux is giving ms serious competition as many of my friends have changed to linux and free bsd
    2.
    You don't even really need anti-virus software if you don't download stupid crap
    then what is the use of an os
    see not all flavors of linux give support, for instance look at pcquest linux, launched by an indian magazine called linux, you do not have assistance on the web, no downloads.

    plz don't neg me gore i am as of low on antipoints ,so plz if you can't do me any good then don't do me any harm!

  8. #28
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    then what is the use of an os
    Well, it is more than just downloading. For companies it's for use of email, creating PR campaigns, storing data, creating data, computing profits, doing research, etc. For individuals, games, internet access, entertainment, etc.

    linux is giving ms serious competition as many of my friends have changed to linux and free bsd
    But that's a narrow view. It's your perception because of who you associate with but may not be an indication of total usage. That may not be true worldwide. In North America, maybe MS is picking up steam. IMO, I do believe that Linux is challenging MS to a degree but how serious it is, I don't know. I don't have any figures to state which way the proverbial wind blows.

    plz don't neg me i am as of low on antipoints ,so plz if you can't do me any good then don't do me any harm!
    This would be better served as a PM, for the two of you to deal with and is beyond the scope of this thread.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  9. #29
    Junior Member
    Join Date
    Sep 2004
    Posts
    26
    Originally posted here by catch
    Wow... I can vividly remember the day when, if I were to defend Windows security I'd have gotten poorly flamed on all sides from Linux, misc UN*X, Solaris, Mac, Amiga, whatever, etc users.

    Good to see the change of pace.

    I would really love to see someone describe why they think NT sucks so much when it comes to security. I mean with real figures not "is well not even 80% safe", whatever the hell that is supposed to mean. Seriously, something that takes into account system capabilities, not merely a specific configuration. An argument that talks about conceptual exploit availability, not just statistically incomparable incident reporting.

    In the last nine years I have never been able to find such a document (save those comparing NT to high assurance, static specification, trusted operating systems or pipe dreams like EROS), yet I've seen heaps against UN*X and Linux, including documents put out by the good people of the NSA and its subordinate organization the NCSC.

    catch
    You don't have to get on my case ok, You know what I meant. Windows got too many leaks and holes. I wish it didn't. I LOVE WINDOWS, and I'm stuck with it for the rest of my life unless corporate goes bsd or nix.
    is this a dream

  10. #30
    Banned
    Join Date
    May 2003
    Posts
    1,004
    we can have a really secure default Windows install.
    Why do you want a secure default install? The default configuration of a system should be the most functional possible, not the most secure. Security should be applied on a case by case basis with the help of the trusted facilities manual, not with sweeping broad strokes laid down by the vendor with no regard for the specific implementation.

    NT is cool but one thing about it is that Microsoft used to have a thing on their web page saying that NT should be rebooted at least once a month to deal with memory leaks. This is all fine for a home user, but not for a server.
    Two points in response to this, one is this is a legal safety net. Two, NT servers at the enterprise level are intended to be run in clusters, so rebooting the systems one at a time has virtually no effect on business. This is a stark contrast to the mentality of many UN*X operations where a single HP-UX or whatever system with god knows how many processors does the work by itself and single system uptime is a far greater concern.

    Now, install Linux with nothing but the things you get with Windows.

    You'll end up with the Kernel, and toss in mpg123 for the media player, links for a browser, Vi and Emacs, and Midnight Commander.
    Don't forget the weaker, less finely grained access control system. Don't forget the gaping security concern of superuser account. Where's the reference monitor? Need I go on?

    When people say Linux has more security flaws than Windows, they are counting an install that has everything, and Linux comes with A LOT more than Windows does.
    When people like me say it, they are speaking of the operating system's security architecture, not applications that run on it. That would be discussing those applications' security, not the operating system's. A secure operating system can protect itself from insecure applications.

    Just my opinion, but Windows as a secure server platform is a fairy tale unless you're REALLY good.
    Including things like "really good" negates the entire argument. :-P My point is that NT has a greater capacity for security as it has a more powerful security architecture.

    Everyone has it, knows it, and there's a ton of software out there to hurt or hack it.
    Exactly, everyone has it... what does this mean? It means that bugs spend significantly less time in 0-day land. Is this a good thing or a bad thing?

    linux is open source and has a much greater development staff than any closed-source development. You don't have to wait forever for developers to fix problems that the users find or report.
    Ah this fine argument... two responses (per my usual), one, I made a post a while ago (in my attached documents, I'll look later if you can't find it) that featured an article quantifying the average kernel bug's life span in Linux... the average was over 3 years, with some lasting as long as seven years! The second point is that programmers know code, as a rule they know very little about security architecture... microkernel development, reference monitors, more finely grained access controls, the lot. Because Linux is open source, with a programmer at the helm, there has been no overall focus toward a superior security model, all Linux has been doing is making the same mistakes UN*X did over 20 years ago.

    We have debated this topic long and hard on which is the best OS and lots of people have always commented. What it comes down to is one thing.

    THE ADMINISTRATOR!!
    This argument would indicate that the two and in fact all systems have exactly the same capacity for security and the only difference is the admin... I hope the rest of you know better.

    Windows got too many leaks and holes.

    Name one that actually affects CIA and can't be fixed by proper configuration.

    cheers,

    catch
